CN103650634B - Nms - Google Patents

Info

Publication number: CN103650634B
Authority: CN (China)
Prior art keywords: network, network management, nms, management equipment, management device
Legal status: Active (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis)
Application number: CN201380001913.9A
Other languages: Chinese (zh)
Other versions: CN103650634A (en)
Inventor: 下村高范
Current assignee: Yokogawa Electric Corp (the listed assignee may be inaccurate; Google has not performed a legal analysis)
Original assignee: Yokogawa Electric Corp
Priority date: 2012-06-25 (the priority date is an assumption and not a legal conclusion)
Filing date: 2013-06-04
Publication date: 2017-05-31
Events: application filed by Yokogawa Electric Corp; publication of CN103650634A; application granted; publication of CN103650634B; legal status Active (current); anticipated expiration

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
              • H04L 63/0227 Filtering policies
                • H04L 63/0263 Rule management
            • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
          • H04L 12/00 Data switching networks
            • H04L 12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
              • H04L 12/46 Interconnection of networks
                • H04L 12/4604 LAN interconnection over a backbone network, e.g. Internet, Frame Relay
                  • H04L 12/462 LAN interconnection over a bridge based backbone
                    • H04L 12/4625 Single bridge functionality, e.g. connection of two networks over a single bridge
          • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
            • H04L 41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
        • H04W WIRELESS COMMUNICATION NETWORKS
          • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
            • H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
            • H04W 12/30 Security of mobile devices; Security of mobile applications
              • H04W 12/37 Managing security policies for mobile devices or for controlling mobile applications
          • H04W 88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
            • H04W 88/16 Gateway arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

A network management system (NMS) is provided which, by using wireless network management devices that hold multiple security policies, can be used simultaneously in networks of multiple security levels, ensures security without an external firewall, and saves the steps of setting up and using a redundant network. The NMS consists of the following parts: a 1st network (NW1), which connects the factory management devices (11, 12); a 2nd network (NW2), which connects the field devices (51~5n); and wireless network management devices (61, 62), which have a firewall function and are connected to the 1st network (NW1) and the 2nd network (NW2).

Description

Network management system (NMS)
Technical field
The present invention relates to a network management system (NMS), and in particular to the security management of a network.
Background technology
Fig. 3 is a block diagram showing an example of an existing network built on the industrial automation wireless communication standard ISA100.11a. Factory management devices 11 and 12 are connected to the 1st network NW1; these factory management devices 11 and 12 constitute the 1st security zone SA1.
The 1st network NW1 is connected to the 2nd network NW2 via firewall 21.
Wireless network management devices 31 and 32 are devices having the system management function and the gateway function of ISA100.11a; they manage the wireless network and exchange information with the devices on the wireless network.
The wireless network management devices 31 and 32 are connected to the 2nd network NW2 and also to the 3rd network NW3.
A maintenance terminal 4 is also connected to the 3rd network NW3. The wireless network management devices 31, 32 and the maintenance terminal 4 constitute the 3rd security zone SA3.
The 3rd network NW3 is connected to the 4th network NW4 via firewall 22.
Field devices 51~5n are connected to the 4th network NW4. The field devices 51~5n constitute the 5th security zone SA5.
Firewalls 21 and 22 are placed on the boundary of each network in order to satisfy the different security policies of the 1st security zone SA1, the 3rd security zone SA3 and the 5th security zone SA5.
Here a security policy is, for example, information including the IP addresses that are permitted to connect to the network. Once the permitted IP addresses have been set for a communication port, connections from any other IP address are not permitted on that port.
The security policy set in the 1st security zone SA1 is for using the factory management devices 11 and 12 in a redundant configuration.
The security policy set in the 3rd security zone SA3 is for using the wireless network management devices 31 and 32 in a redundant configuration.
The security policy set in the 5th security zone SA5 is for driving the many field devices 51~5n in parallel.
Patent document 1 describes a control network management technique for the case where a program control system in industrial automation is built as a wireless control network system: tampering by a malicious third party is avoided, and wireless communication signals for program control, which require high priority and strict real-time performance, coexist on the same network with signals that have lower real-time requirements.
Patent document 1: Japanese Unexamined Patent Publication No. 2011-142441
Summary of the invention
However, in the structure of Fig. 3, whenever a new wireless network management device is connected, the network boundary must be guarded with a firewall, and installing that firewall costs money.
Further, the security of the 3rd security zone SA3, which contains the maintenance terminal directly connected to the wireless network management devices and the redundancy network, must also be considered, so the management of security policies becomes complicated.
In addition to the firewalls, equipment such as network switches for building the redundancy network must also be installed.
Also, depending on the structure of the network, the communication that controls the redundant configuration may pass through other networks and affect them.
The present invention addresses the problems described above. Its object is to make it possible to use networks of multiple security levels simultaneously by using wireless network management devices that hold multiple security policies.
A further object is to ensure security by using wireless network management devices with a built-in firewall function, so that the steps of setting up and using a redundant network are eliminated and no external firewall needs to be installed.
The object of the present invention is achieved by the following structures.
(1) A network management system, characterised in that it consists of the following parts:
a 1st network, which connects the factory management devices;
a 2nd network, which connects the field devices; and
a network management device, which has a firewall function and is connected to the 1st network and the 2nd network.
(2) The network management system according to (1), characterised in that
the network management devices are made redundant by being connected via a dedicated connecting line.
(3) The network management system according to (1) or (2), characterised in that
the network management device has multiple communication ports for connection to multiple networks.
(4) The network management system according to (3), characterised in that
a security policy is assigned to each of the multiple communication ports, and the ports are connected to multiple networks belonging to different security zones.
(5) The network management system according to any one of (1) to (4), characterised in that
the network management system is built on the industrial automation wireless communication standard ISA100.11a.
Effect of the invention
With the structure above, the network management device can be used simultaneously in networks of multiple security levels.
In addition, security is ensured without installing a separate firewall, and the trouble of setting up and using a redundant network is avoided.
Brief description of the drawings
Fig. 1 is a block diagram showing one embodiment of the present invention.
Fig. 2 is a block diagram showing a concrete example of the wireless network management device 61.
Fig. 3 is a block diagram showing an example of an existing network.
Specific embodiment
The present invention is described below with reference to the drawings. Fig. 1 is a block diagram showing one embodiment of the present invention; parts identical to those in Fig. 3 carry the same reference signs.
Factory management devices 11 and 12 are connected to the 1st network NW1; these factory management devices 11 and 12 constitute the 1st security zone SA1.
Wireless network management devices 61 and 62 are connected to both the 1st network NW1 and the 2nd network NW2. Wireless network management devices 61 and 62 are connected to each other by a dedicated connecting line. A maintenance terminal 7 is directly connected to wireless network management device 61 or 62. The wireless network management devices 61, 62 and the maintenance terminal 7 constitute the 6th security zone SA6.
Field devices 51~5n are connected to the 2nd network NW2.
In addition to the system management function and the gateway function of the industrial automation wireless communication standard ISA100.11a, the wireless network management devices 61 and 62 also have a firewall function. Because they have a firewall function, the wireless network management devices 61 and 62 can be connected directly to each of the networks NW1 and NW2.
Also, by assigning a security policy to each port of the wireless network management devices 61 and 62, they can be connected to multiple networks with different security policies.
Further, by using a dedicated connecting line for the communication between the wireless network management devices 61 and 62, a redundant configuration can be built.
Fig. 2 is a block diagram showing a concrete example of the wireless network management device 61. In Fig. 2, the packet processing part 61a is connected to the redundancy management device connection communication port 61b and to the firewall function part 61c.
The firewall function part 61c is connected to the filtering rule setting database 61d, and also to the maintenance terminal direct connection communication port 61e, the upper network connection communication port 61f and the lower network connection communication port 61g.
In the structure of Fig. 2, the firewall function part 61c obtains the filtering rules from the filtering rule setting database 61d and operates according to them. Here a filtering rule is information such as the list of IP addresses whose communication is permitted on each communication port.
Based on the filtering rules obtained from the filtering rule setting database 61d, the firewall function part 61c controls the received packets and passes only the packets whose communication is permitted to the packet processing part 61a.
Information is synchronised between the wireless network management devices 61 and 62 that form the redundant pair, so that the database in one wireless network management device (e.g. 61) is identical to the database in the paired wireless network management device (e.g. 62).
The communication for this database synchronisation uses, for example, the redundancy management device connection communication port 61b, which directly connects one wireless network management device 61 to the other wireless network management device 62. The database synchronisation traffic is therefore not carried on the upper network NW1 or the lower network NW2.
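The per-port security policy of the background section (a communication port accepts only the IP addresses set for it) and the Fig. 2 data flow (firewall function part 61c consulting the filtering rule setting database 61d, forwarding permitted packets to 61a, and replicating the database to the paired device only over port 61b) can be modelled in a few dozen lines. The following is an added example, not code from the patent or from Yokogawa: the class names, the port names built from the reference signs, and every IP address are this example's own assumptions, and the packets are constructed.

```python
"""Per-port filtering rules and rule-database synchronisation over a dedicated line,
modelled on the wireless network management device of Fig. 2.  Added example, not
code from the patent: class names, port names and all IP addresses are assumptions."""
from ipaddress import ip_address, ip_network

# Communication ports of one device, named after the reference signs in Fig. 2.
PORT_REDUNDANCY = "61b"   # dedicated connecting line to the paired device
PORT_MAINTENANCE = "61e"  # directly connected maintenance terminal
PORT_UPPER = "61f"        # upper network NW1 (factory management devices)
PORT_LOWER = "61g"        # lower network NW2 (field devices)


class FilteringRuleDatabase:
    """Filtering rule setting database (61d): for each port, the IP networks whose
    communication is permitted.  A source not listed for a port is denied there,
    even if it is permitted on another port, because the policy is per port."""

    def __init__(self, rules=None):
        self.rules = {port: [ip_network(n) for n in nets]
                      for port, nets in (rules or {}).items()}

    def permitted(self, port, src):
        return any(ip_address(src) in net for net in self.rules.get(port, []))

    def snapshot(self):
        return {port: [str(n) for n in nets] for port, nets in self.rules.items()}


class WirelessNetworkManagementDevice:
    def __init__(self, name, rules=None):
        self.name = name
        self.db = FilteringRuleDatabase(rules)
        self.processed = []  # packets handed to the packet processing part 61a
        self.dropped = []    # packets the firewall function part 61c discarded

    def firewall(self, port, src, payload):
        """Firewall function part 61c: pass a received packet to 61a only if the
        rule for the port it arrived on permits the source address."""
        if self.db.permitted(port, src):
            self.processed.append((port, src, payload))
            return True
        self.dropped.append((port, src, payload))
        return False

    def synchronise_to(self, peer, via_port):
        """Copy this device's rule database to the paired device.  The description
        carries this traffic over the dedicated line (61b) so that it never appears
        on NW1 or NW2; any other port is therefore refused here."""
        if via_port != PORT_REDUNDANCY:
            raise ValueError(f"database sync must use port {PORT_REDUNDANCY}, not {via_port}")
        peer.db = FilteringRuleDatabase(self.db.snapshot())
        return peer.db.snapshot() == self.db.snapshot()


def run_demo():
    """Constructed scenario: device 61 is configured, device 62 is not yet."""
    rules = {  # constructed address plan, one allow-list per port
        PORT_UPPER: ["10.1.0.0/24"],              # factory management devices on NW1
        PORT_LOWER: ["10.2.0.0/24"],              # field devices on NW2
        PORT_MAINTENANCE: ["192.168.100.10/32"],  # the single maintenance terminal
        PORT_REDUNDANCY: ["169.254.0.2/32"],      # the paired device 62
    }
    dev61 = WirelessNetworkManagementDevice("61", rules)
    dev62 = WirelessNetworkManagementDevice("62")  # empty database until synced

    packets = [  # (arrival port, source address, payload), constructed
        (PORT_UPPER, "10.1.0.11", "management request"),      # permitted
        (PORT_LOWER, "10.1.0.11", "management request"),      # NW1 address on the NW2 port: denied
        (PORT_LOWER, "10.2.0.51", "field device data"),       # permitted
        (PORT_MAINTENANCE, "192.168.100.10", "maintenance"),  # permitted
        (PORT_MAINTENANCE, "10.1.0.11", "maintenance"),       # not the terminal: denied
        (PORT_UPPER, "172.16.0.5", "unknown host"),           # unlisted: denied
    ]
    for port, src, payload in packets:
        dev61.firewall(port, src, payload)

    synced = dev61.synchronise_to(dev62, via_port=PORT_REDUNDANCY)
    try:
        dev61.synchronise_to(dev62, via_port=PORT_UPPER)
        refused = False
    except ValueError:
        refused = True

    return {
        "forwarded": len(dev61.processed),
        "dropped": len(dev61.dropped),
        "synced": synced,
        "sync_over_nw1_refused": refused,
        # after the sync, 62 enforces the same per-port policy as 61
        "peer_permits_field_device": dev62.firewall(PORT_LOWER, "10.2.0.51", "x"),
    }


if __name__ == "__main__":
    print(run_demo())
```

The point the scenario makes is that the allow-list is keyed by port, not only by address: a factory management address that is legitimate on the NW1 port is dropped when it shows up on the NW2 port, which is what lets one device sit on two security zones at once. Refusing synchronisation over anything but the dedicated port models the description's claim that the redundancy traffic never reaches NW1 or NW2.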
With the structure described above, the wireless network management devices 61 and 62 can be connected to multiple networks NW1, NW2 of different security levels.
The wireless network management devices 61 and 62 can be placed on the boundary between security levels without using a separate firewall.
Because the wireless network management devices 61 and 62 are directly connected to each other by a dedicated connecting line, redundancy can be realised easily without building a network for the redundant structure.
Also, the communication needed while the wireless network management devices 61 and 62 run in a redundant configuration goes over the dedicated connecting line, so it does not affect other networks. The dedicated connecting line used for this is not limited to a network cable; a custom cable or the backplane of a printed wiring board may also be used.
In the embodiment above, the network management device was described using the example of a wireless network management device, but the invention is not limited to this; the same effect is obtained with a wired network management device.
As described above, the invention realises a network management system which, by using wireless network management devices with a built-in firewall function, can be used simultaneously in networks of multiple security levels, ensures security without installing an external firewall, and eliminates the steps of setting up and using a redundant network.
The above description serves only to explain and illustrate the invention and shows only specific preferred embodiments. The invention is therefore not limited to the embodiments above; within the scope of its spirit it includes further changes and variations.
This application is based on Japanese Patent Application No. 2012-142224 filed on June 25, 2012, the content of which is incorporated herein by reference.
Explanation of reference signs
11, 12 factory management device
51~5n field device
61, 62 wireless network management device
61a packet processing part
61b redundancy management device connection communication port
61c firewall function part
61d filtering rule setting database
61e maintenance terminal direct connection communication port
61f upper network connection communication port
61g lower network connection communication port

Claims (4)

1. A network management system, characterised in that it consists of the following parts:
a 1st network, which connects the factory management devices;
a 2nd network, which connects the field devices; and
multiple network management devices, each having a firewall function and holding a database, the multiple network management devices being connected to the 1st network and the 2nd network,
wherein the multiple network management devices are made redundant by being connected via a dedicated connecting line, and the dedicated connecting line is used to synchronise the database of one of the multiple network management devices with the database of another of the multiple network management devices.
2. The network management system according to claim 1, characterised in that
the network management device has multiple communication ports for connection to multiple networks.
3. The network management system according to claim 2, characterised in that
a security policy is assigned to each of the multiple communication ports, and the ports are connected to the multiple networks, which belong to different security zones.
4. The network management system according to any one of claims 1 to 3, characterised in that
the network management system is a network management system built on the industrial automation wireless communication specification ISA100.11a.

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2012-142224 2012-06-25
JP2012142224A JP5445626B2 (en) 2012-06-25 2012-06-25 Network management system
PCT/JP2013/065419 WO2014002699A1 (en) 2012-06-25 2013-06-04 Network management system

Publications (2)

Publication Number Publication Date
CN103650634A CN103650634A (en) 2014-03-19
CN103650634B true CN103650634B (en) 2017-05-31

Family

ID=49782865

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201380001913.9A Active CN103650634B (en) 2012-06-25 2013-06-04 Nms

Country Status (5)

Country Link
US (1) US10003575B2 (en)
EP (1) EP2874466B1 (en)
JP (1) JP5445626B2 (en)
CN (1) CN103650634B (en)
WO (1) WO2014002699A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5601353B2 (en) * 2012-06-29 2014-10-08 Yokogawa Electric Corp Network management system
JP5556858B2 (en) * 2012-06-29 2014-07-23 Yokogawa Electric Corp Network management system
US11165602B2 (en) * 2017-10-31 2021-11-02 Murata Machinery, Ltd. Communication system, controlled device, and control method for communication system
WO2019123523A1 (en) 2017-12-18 2019-06-27 NEC Corp Communication device, communication system, communication control method, and program

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020188700A1 (en) * 2001-06-08 2002-12-12 Todd Steitle System and method of interactive network system design
US7302700B2 (en) * 2001-09-28 2007-11-27 Juniper Networks, Inc. Method and apparatus for implementing a layer 3/layer 7 firewall in an L2 device
US7197660B1 (en) * 2002-06-26 2007-03-27 Juniper Networks, Inc. High availability network security systems
FR2844415B1 (en) * 2002-09-05 2005-02-11 At & T Corp FIREWALL SYSTEM FOR INTERCONNECTING TWO IP NETWORKS MANAGED BY TWO DIFFERENT ADMINISTRATIVE ENTITIES
US20050240989A1 (en) * 2004-04-23 2005-10-27 Seoul National University Industry Foundation Method of sharing state between stateful inspection firewalls on mep network
US7941837B1 (en) * 2007-04-18 2011-05-10 Juniper Networks, Inc. Layer two firewall with active-active high availability support
US8782771B2 (en) 2007-06-19 2014-07-15 Rockwell Automation Technologies, Inc. Real-time industrial firewall
CN101834831A (en) * 2009-03-13 2010-09-15 华为技术有限公司 Method, device and system for realizing redundant backup of network address translation (NAT) equipment
US8826413B2 (en) * 2009-12-30 2014-09-02 Motorola Solutions, Inc. Wireless local area network infrastructure devices having improved firewall features
JP4900487B2 (en) 2010-01-06 2012-03-21 横河電機株式会社 Control network management system
JP5110406B2 (en) * 2010-03-01 2012-12-26 横河電機株式会社 Field communication management device
JP5041257B2 (en) * 2010-04-22 2012-10-03 横河電機株式会社 Field communication system and field communication method
JP5581141B2 (en) * 2010-07-29 2014-08-27 株式会社Pfu Management server, communication cutoff device, information processing system, method, and program
JP5494816B2 (en) * 2010-10-20 2014-05-21 日本電気株式会社 COMMUNICATION CONTROL DEVICE, SYSTEM, METHOD, AND PROGRAM
US8446818B2 (en) * 2010-11-01 2013-05-21 Avaya Inc. Routed split multi-link trunking resiliency for wireless local area network split-plane environments
JP2012226680A (en) * 2011-04-22 2012-11-15 Internatl Business Mach Corp <Ibm> Management system, management method and management program for managing industrial control system
US9270642B2 (en) * 2011-10-13 2016-02-23 Rosemount Inc. Process installation network intrusion detection and prevention

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1602610A (en) * 2001-08-03 2005-03-30 The Boeing Company An airborne security manager

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Hamed Okhravi, David M. Nicol; Application of trusted network technology to industrial control networks; International Journal of Critical Infrastructure Protection 2 (2009); 2009-10-01; abstract, pp. 85-91, Fig. 2 *

Also Published As

Publication number Publication date
JP5445626B2 (en) 2014-03-19
CN103650634A (en) 2014-03-19
EP2874466B1 (en) 2017-08-09
EP2874466A1 (en) 2015-05-20
JP2014007588A (en) 2014-01-16
US20150222599A1 (en) 2015-08-06
EP2874466A4 (en) 2016-02-17
WO2014002699A1 (en) 2014-01-03
US10003575B2 (en) 2018-06-19

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant